Security Think Tank: Arguments for and against unified threat management

Unified threat management (UTM) is a converged platform for security systems. It allows several security systems to be managed and run through a single portal.

This means security outputs and intelligence will be consistent and also potentially converged. In terms of response, this can mean faster and more informed threat responses, with a greater speed to insight from the reports generated.

It also means you have a single point of failure for your security systems, and that whilst you may have combined several functions into one platform (and supplier/manufacturer), you are relying upon all of those functions to be carried out as efficiently, accurately and comprehensively as a single function offering could do and to the same quality standard. Therefore, it is as strong as its weakest component.

This is why defence in depth and using technology from a variety of suppliers and manufacturers has generally been a popular methodology. It has meant that security teams are therefore not effectively de-skilling from other tools in favour of being tied in to one supplier or manufacturer, or methodology, for that matter. So, in short, there are arguments for and against.

Using UTM also means managing your own expectations, and it won’t surprise you to learn it is vital before buying any security system to first establish what you are protecting, why and from what you are protecting it. It seems basic, but you would be amazed at the thought that sometimes fails to go into this part of a specification.

For it to be the right tool for the job, you need to know what the job is, right? You also still need good humans. They are the ones who will be configuring these systems, and the Information Commissioner’s Office (ICO) tells us that misconfigured software or hardware is one of the top causes of data breach in the UK.

Your humans are also going to be managing, running, patching, etc, so the UTM itself is not the whole of the solution. It won’t make you compliant with legislation and it won’t train your staff.

It also won’t make management say, “Yes, OK, we can see we need some downtime for patching”. We therefore need to manage our own expectations of what a UTM can and can’t do, as well as knowing what we need it to do. There is no point in replacing a number of unnecessary security solutions from a range of suppliers with a number of unnecessary security solutions from a single supplier.

You need to make sure you have the skills, plan and team in place and that you are able to act upon intelligence that systems like these generate. Again, this is part of managing your own expectation of what it can achieve and knowing it can and will provide you with insight. You need to make sure you have your people and plans ready to make the most of that insight.